Setting up Lint4j for command line usage

This section is a howto guide for auditing source with Lint4j by using Sun's PetStore Blueprint as an example.

Configuring Lint4j

The first step is to construct the source and class path information that are needed by the tool to perform a full analysis. For projects with scattered source directories, generated sources, and many dependencies this can look painful. Let's look at how the configuration for Sun's PetStore BluePrint example was created.

The first step is to construct the source path. Change to the base directory of the project, and then look for the first package of the source code, in this case "com" (aka com.sun.j2ee).

%pwd
/Users/Shared/petstore1.3.2
%find . -name com | tr '\n' ':' | sed 's|/com:|:|g'
src/apps/admin/src/admin:src/apps/admin/src/client:src/apps/opc/src:src/
apps/petstore/src:src/apps/supplier/src:src/components/address/src:src/com
ponents/asyncsender/src:src/components/cart/src:src/components/catalog/src:.
/src/components/contactinfo/src:src/components/creditcard/src:src/components
/customer/src:src/components/encodingfilter/src:src/components/lineitem/src:
src/components/mailer/src:src/components/processmanager/src:src/components
/purchaseorder/src:src/components/servicelocator/src:src/components/signon/s
rc:src/components/supplierpo/src:src/components/uidgen/src:src/components/
util/tracer/src:src/components/xmldocuments/src:src/waf/src/controller:src
/waf/src/view/taglibs:src/waf/src/view/template:

The result can be passed as the value for the -sourcepath option of the lint4j launcher. If the audit is conducted using the Ant task, the following commands will produce the value for the sourcepath option:

%find . -name com | tr '\n' ',' | sed 's|/com,|,|g'

Now the class path has to be set. Again, the find command helps us out:

%find . -type f -name \*.jar -o -name \*.zip |  tr '\n' ':'
src/apps/admin/src/client/crimson.jar:src/apps/admin/src/client/jaxp.jar:s
rc/lib/ant/lib/ant.jar:src/lib/ant/lib/jaxp.jar:src/lib/ant/lib/parser.jar:.
/src/lib/base64/base64.jar:src/lib/jstl/commons-collections.jar:src/lib/jstl
/commons-JXPath-0.1-dev.jar:src/lib/jstl/commons-logging.jar:src/lib/jstl/ja
xen-full.jar:src/lib/jstl/jdbc2_0-stdext.jar:src/lib/jstl/jstl.jar:src/lib
/jstl/saxpath.jar:src/lib/jstl/standard.jar

Or, to produce the format used in the Ant task:

%find . -type f -name \*.jar -o -name \*.zip | tr '\n' ','

Performing the first Audit

Let's run the first test. We use the option -v 1 to get only the severest warnings.

lint4j  -v 1 -sourcepath src/apps/admin/src/admin:src/apps/admin/src/client:src/apps/opc/src:src/apps/petstore/src:src/apps/supplier/src:src/components/address/src:src/components/asyncsender/src:src/components/cart/src:src/components/catalog/src:src/components/contactinfo/src:src/components/creditcard/src:src/components/customer/src:src/components/encodingfilter/src:src/components/lineitem/src:src/components/mailer/src:src/components/processmanager/src:src/components/purchaseorder/src:src/components/servicelocator/src:src/components/signon/src:src/components/supplierpo/src:src/components/uidgen/src:src/components/util/tracer/src:src/components/xmldocuments/src:src/waf/src/controller:src/waf/src/view/taglibs:src/waf/src/view/template -classpath src/apps/admin/src/client/crimson.jar:src/apps/admin/src/client/jaxp.jar:src/lib/ant/lib/ant.jar:src/lib/ant/lib/jaxp.jar:src/lib/ant/lib/parser.jar:src/lib/base64/base64.jar:src/lib/jstl/commons-collections.jar:src/lib/jstl/commons-JXPath-0.1-dev.jar:src/lib/jstl/commons-logging.jar:src/lib/jstl/jaxen-full.jar:src/lib/jstl/jdbc2_0-stdext.jar:src/lib/jstl/jstl.jar:src/lib/jstl/saxpath.jar:src/lib/jstl/standard.jar com.sun.j2ee.\*
src/apps/petstore/src/com/sun/j2ee/blueprints/petstore/tools/populate/AddressPopulator.java:94: (1): The local variable "address" shadows an accessible field with the same name and compatible type in class com.sun.j2ee.blueprints.petstore.tools.populate.AddressPopulator
src/apps/petstore/src/com/sun/j2ee/blueprints/petstore/tools/populate/UserPopulator.java:87: (1): The local variable "userHome" shadows an accessible field with the same name and compatible type in class com.sun.j2ee.blueprints.petstore.tools.populate.UserPopulator
src/components/xmldocuments/src/com/sun/j2ee/blueprints/xmldocuments/tpa/TPAInvoiceXDE.java:92: (1): The local variable "systemId" shadows an accessible field with the same name and compatible type in class com.sun.j2ee.blueprints.xmldocuments.tpa.TPAInvoiceXDE
src/components/xmldocuments/src/com/sun/j2ee/blueprints/xmldocuments/tpa/TPASupplierOrderXDE.java:99: (1): The local variable "systemId" shadows an accessible field with the same name and compatible type in class com.sun.j2ee.blueprints.xmldocuments.tpa.TPASupplierOrderXDE
src/apps/admin/src/client/com/sun/j2ee/blueprints/admin/client/DataSource.java:204: (1): The enclosing class "com.sun.j2ee.blueprints.admin.client.DataSource.RefreshAction" of this inner class must implement Serializable, but it doesnt.
src/apps/admin/src/client/com/sun/j2ee/blueprints/admin/client/DataSource.java:295: (1): The enclosing class "com.sun.j2ee.blueprints.admin.client.DataSource.OrdersViewTableModel" of this inner class must implement Serializable, but it doesnt.
src/apps/admin/src/client/com/sun/j2ee/blueprints/admin/client/DataSource.java:416: (1): The enclosing class "com.sun.j2ee.blueprints.admin.client.DataSource.OrdersApproveTableModel" of this inner class must implement Serializable, but it doesnt.
src/apps/admin/src/client/com/sun/j2ee/blueprints/admin/client/DataSource.java:609: (1): The enclosing class "com.sun.j2ee.blueprints.admin.client.DataSource.ChartModel.RefreshChartAction" of this inner class must implement Serializable, but it doesnt.
src/components/catalog/src/com/sun/j2ee/blueprints/catalog/client/CatalogHelper.java:166: (1): The local variable "locale" shadows an accessible field with the same name and compatible type in class com.sun.j2ee.blueprints.catalog.client.CatalogHelper
Please add the following types to your classpath for full analysis: [javax.ejb.EJBObject, javax.ejb.EJBHome, javax.servlet.http.HttpServlet, SessionBean, javax.activation.DataSource, javax.servlet.http.HttpSession, javax.mail.Session, javax.servlet.jsp.tagext.TagSupport, Queue, javax.servlet.Filter, TopicConnectionFactory, javax.ejb.EJBLocalObject, javax.jms.TopicConnectionFactory, java.awt.RenderingHints$Key, javax.servlet.http.HttpSessionListener, javax.servlet.http.HttpServletRequest, QueueConnectionFactory, javax.ejb.EntityBean, HttpServlet, javax.servlet.http.HttpSessionAttributeListener, javax.ejb.MessageDrivenBean, javax.ejb.EJBLocalHome, javax.ejb.SessionBean, javax.servlet.ServletContext]

Lint4j warns that it could not perform a full analysis, because the jar files for the EJB, JavaMail, Activation, Servlet, and JMS API are missing from the classpath. They need to be downloaded and added to the class path.

The full analysis can be found in the sample reports section on the web site.